This document has been created to review OAuth Configurations in terms of System Refresh activity
- You are planning to refresh one of your systems (e.g. Production [source] > Test [target] )
- You would like to know if OAuth Configurations (Manage OAuth2 Client Applications) will be copied from source to target system
SAP SuccessFactors HXM Suite
Currently, the system refresh can be performed in the two ways outlined below:
- Manual Refresh (standard process for last number of years)
This involves customer / partner logging an incident with Cloud Support (LOD-SF-PLT-REF)
The request is validated by Support and the refresh is then performed by our Operations team.
For instances where a Manual IR took place after June 4th:
A mechanism was implemented to automatically refresh and regenerate OAuth settings and X509 certificate during manual IR (IMPORTANT: this applies only to OAuth clients maintained in the Security Center. Clients maintained in Manage OAuth2 Client Applications are excluded from this automated refresh, so manual maintenance will be required instead)
- After these changes are deployed, code will automatically take care of refreshing OAuth settings and X509 certificate.
- No manual step required for these settings from Customer/Ops Team/CPS teams, just like in Auto IR.
- Instance Refresh Tool
Refresh can now be performed on the customer / partner end, using the Instance Refresh Tool available via Admin Center. Please see KBA 2791468 on how to configure and use the tool.
When refresh is performed via the tool, then the OAuth2 Client Configuration and other security related artifacts like X.509 certificates, key pairs WILL NOT be copied from source to target.
OAuth2 Client Configurations, System Refresh, Manual Refresh, Instance Refresh Tool , KBA , LOD-SF-INT-ODATA , OData API Framework , LOD-SF-INT , Integrations , LOD-SF-PLT , Platform Foundational Capabilities , Problem